This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
GCC optimizes integer overflow: bug or feature? (was: avoid integer overflow in mktime.m4)
- From: Ralf Wildenhues <Ralf dot Wildenhues at gmx dot de>
- To: gcc at gcc dot gnu dot org
- Cc: bug-gnulib at gnu dot org
- Date: Tue, 19 Dec 2006 06:54:05 +0100
- Subject: GCC optimizes integer overflow: bug or feature? (was: avoid integer overflow in mktime.m4)
- References: <20061218230847.GD3824@iam.uni-bonn.de> <87zm9k8wqr.fsf@penguin.cs.ucla.edu>
[ Please see http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/8152
http://www.ginac.de/pipermail/cln-list/2006-December/000259.html ]
Hello Paul, all,
Let's forward your comments and questions to the GCC list, I wasn't
aware of this topic being so disruptive:
* Paul Eggert wrote on Tue, Dec 19, 2006 at 03:06:52AM CET:
> Ralf Wildenhues <Ralf.Wildenhues@gmx.de> writes:
>
> > the newer GCC exploits at -O2 the fact that integer overflow
> > produces undefined behavior
>
> Wheeeoo! That optimization is going to break a _lot_ of GNU
> software. (Silently. Oh my.)
>
> This is a major change. Where is it documented and discussed? I
> don't see it listed at either
> <http://gcc.gnu.org/gcc-4.2/changes.html> or
> <http://gcc.gnu.org/gcc-4.3/changes.html>.
>
> We tried to do that sort of optimization in the 1990s (back when I
> was a GCC contributor), but ran into too many problems in
> real-world software. So the optimization got removed. RMS
> decided it was too disruptive.
>
> How about if we report the problem again, and get the optimization
> removed from -O2? I don't mind having the optimization available
> on request for people who prefer speedy to reliable software, but
> it shouldn't be turned on with a mere -O2, as it breaks too much
> real-world code like mktime.c, which says:
>
> /* The code also assumes that signed integer overflow silently wraps
>    around, but this assumption can't be stated without causing a
>    diagnostic on some hosts. */
>
> The optimization also breaks code that assumes LIA-1 (see Annex H
> of the C99 standard). To conform to LIA-1, if signed integer
> arithmetic does not wrap around reliably, a signal must be
> generated.
>
> Surely the GCC guys care about LIA-1. After all, gcc has an
> -ftrapv option to enable reliable signal generation on signed
> overflow. But I'd rather not go the -ftrapv route, since that
> will cause other problems. I'd rather have signed integer
> overflow silently wrap around, as this is the traditional behavior
> and a lot of real-world code assumes this. Is there an option to
> the new GCC to specify this?
Maybe it's also just an unintended bug I happened to observe
(and take for given behavior)? Should I open a bugzilla entry?
The testing was done with
gcc (GCC) 4.3.0 20061215
and I haven't tested GCC in several months before, so I have no idea
when this was introduced.
> If not, is there any way to tell the new GCC to disable this
> harmful optimization? Maybe we can have 'configure' automatically
> generate the appropriate flag to do that. For example, we can
> change Autoconf to default to -O1 instead of -O2. I hope we don't
> have to be this drastic, though; I'd rather just disable the
> optimizations that cause GCC to depart from LIA-1 wraparound
> arithmetic.
> > This test hangs,
>
> Does the test hang forever?
No, the timeout works.
Cheers,
Ralf
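
Added example (not part of the original message, and not code from gnulib or GCC): the wraparound-assuming overflow test discussed in this thread, next to forms that stay within defined behavior. All function names are hypothetical, and the doubling loop is a constructed illustration of a limit-finding test, not the mktime.m4 test itself.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Idiom that assumes silent wraparound. a + b is undefined in ISO C when it
   overflows, so an optimizer may fold this test to false. Contrast only. */
bool add_overflows_wrap_idiom(int a, int b)
{
    return b > 0 ? a + b < a : a + b > a;
}

/* Portable check: compare against the limits first, so no overflowing
   operation is ever evaluated. */
bool add_overflows(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Checked addition: returns false and leaves *out untouched on overflow. */
bool checked_add(int a, int b, int *out)
{
    if (add_overflows(a, b)) return false;
    *out = a + b;
    return true;
}

/* Wraparound on request: unsigned arithmetic is defined modulo 2^N. The
   conversion back to int is implementation-defined; GCC reduces modulo 2^N. */
int wrapping_add(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b);
}

/* Find INT_MAX by doubling. The loop stops on a bound check rather than
   waiting for the value to wrap negative. */
int max_by_doubling(void)
{
    int v = 1;
    while (v <= INT_MAX / 2) v *= 2;
    return v - 1 + v;
}

int main(void)
{
    printf("%d %d\n", wrapping_add(INT_MAX, 1), max_by_doubling() == INT_MAX);
    return 0;
}
```

GCC's -fwrapv option makes signed overflow wrap for a whole translation unit; the functions above give the same result without depending on a compiler flag.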